Re: [dane] local-part case-sensitivity (was: draft-hoffman-dane-smime-03.txt)
Mark Andrews <marka@isc.org> Thu, 17 May 2012 02:38 UTC
Return-Path: <marka@isc.org>
X-Original-To: dane@ietfa.amsl.com
Delivered-To: dane@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4FD2021F86CA for <dane@ietfa.amsl.com>; Wed, 16 May 2012 19:38:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.164
X-Spam-Level:
X-Spam-Status: No, score=-2.164 tagged_above=-999 required=5 tests=[AWL=0.435, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uR060lUAcaNH for <dane@ietfa.amsl.com>; Wed, 16 May 2012 19:38:26 -0700 (PDT)
Received: from mx.ams1.isc.org (mx.ams1.isc.org [IPv6:2001:500:60::65]) by ietfa.amsl.com (Postfix) with ESMTP id 1F32821F8682 for <dane@ietf.org>; Wed, 16 May 2012 19:38:26 -0700 (PDT)
Received: from bikeshed.isc.org (bikeshed.isc.org [IPv6:2001:4f8:3:d::19]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (Client CN "mail.isc.org", Issuer "RapidSSL CA" (not verified)) by mx.ams1.isc.org (Postfix) with ESMTPS id 026485F9A1F; Thu, 17 May 2012 02:38:11 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (unknown [IPv6:2001:470:1f00:820:4d9d:63d1:95fc:acb8]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by bikeshed.isc.org (Postfix) with ESMTPSA id 46B04216C36; Thu, 17 May 2012 02:38:09 +0000 (UTC) (envelope-from marka@isc.org)
Received: from drugs.dv.isc.org (localhost [127.0.0.1]) by drugs.dv.isc.org (Postfix) with ESMTP id AE67F20AEDB1; Thu, 17 May 2012 12:38:06 +1000 (EST)
To: Peter van Dijk <peter.van.dijk@netherlabs.nl>
From: Mark Andrews <marka@isc.org>
References: <20120309184424.5853.82819.idtracker@ietfa.amsl.com> <72C87898-41D6-45B0-B4F8-EEACED13BA66@vpnc.org> <0E4DEE78-EF31-405D-B1B2-49093A24B4EB@netherlabs.nl> <E9EBBE5C-A011-43D2-8F23-9A8F71A6D205@vpnc.org> <CFE92643-438F-4878-BB21-C81C39A8B123@netherlabs.nl>
In-reply-to: Your message of "Wed, 16 May 2012 22:04:06 +0200." <CFE92643-438F-4878-BB21-C81C39A8B123@netherlabs.nl>
Date: Thu, 17 May 2012 12:38:06 +1000
Message-Id: <20120517023806.AE67F20AEDB1@drugs.dv.isc.org>
Cc: IETF DANE WG list <dane@ietf.org>
Subject: Re: [dane] local-part case-sensitivity (was: draft-hoffman-dane-smime-03.txt)
X-BeenThere: dane@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: DNS-based Authentication of Named Entities <dane.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dane>, <mailto:dane-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dane>
List-Post: <mailto:dane@ietf.org>
List-Help: <mailto:dane-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dane>, <mailto:dane-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 May 2012 02:38:30 -0000
In message <CFE92643-438F-4878-BB21-C81C39A8B123@netherlabs.nl>, Peter van Dijk writes: > Hello Paul, > > On May 16, 2012, at 21:53 , Paul Hoffman wrote: > > > I am completely confused here. The current draft says: > > 1. The user name (the "left-hand side" of the email address, called > > the "local-part" in [RFC2822] and the "local part" in [RFC6530]), > > is encoded with Base32 [RFC4648], to become the left-most label > > in the prepared domain name. This does not include the "@" > > character that separates the left and right sides of the email > > address. > > This preserves any case in the local part. Your suggestion (1) destroys the > case. It is also not valid for local parts that do not have clean lower-casi > ng rules; we went through this mess with IDNA2003. > > > I will try to clarify. Base32 certainly preserves case, and in that sense app > ears to honor the case-sensitivity requirement in 2822/6530. > > However, most (if not almost all) mail servers on the internet treat chris@ex > ample.com and Chris@example.com as the same user - and 2822/6530 do not prohi > bit this. If we base32-encode 'chris' but the user chooses to mail from 'Chri > s', the DNS lookup will not match and his S/MIME cert cannot be verified. You can down case the lookup and return multiple certs with different cases in the appropriate field in the cert itself. The client just needs to do a little bit more work to pick out the correct cert from the DNS response. Now I don't know if a cert can specify that it should be matched case insenitively for the local field or not but if the system treats the local part as being case insensitive that should be reflected in the cert or else there are already lots of mis-match issues. > I cannot conceive of an encoding scheme that honors case-sensitivity without > hampering the 99% of implementations that are actually case insensitive. Base > 32 enforces case-sensitivity, which breaks most implementations; a more plain > encoding (like encoding 'chris' as 'chris') (apart from having other issues > - the exact reason you went with base32) would be case-insensitive and would > thus violate 2822/6530. > > Kind regards, > -- > Peter van Dijk > Netherlabs Computer Consulting BV - http://www.netherlabs.nl/ > > _______________________________________________ > dane mailing list > dane@ietf.org > https://www.ietf.org/mailman/listinfo/dane -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
- Re: [dane] New Version Notification for draft-hof… Paul Hoffman
- Re: [dane] New Version Notification for draft-hof… James Cloos
- Re: [dane] New Version Notification for draft-hof… Paul Hoffman
- [dane] local-part case-sensitivity (was: draft-ho… Peter van Dijk
- Re: [dane] local-part case-sensitivity (was: draf… Paul Hoffman
- Re: [dane] local-part case-sensitivity (was: draf… Peter van Dijk
- Re: [dane] local-part case-sensitivity (was: draf… Paul Hoffman
- Re: [dane] local-part case-sensitivity (was: draf… Mark Andrews